[Samba] Samba and Heimdal Kerberos V Authentication

Ludek Finstrle ludek.finstrle at pzkagis.cz
Tue Dec 5 09:37:53 GMT 2006

> >> > I am curious whether it is possible to have Samba authenticate against
> >> > Kerberos as a password backend, particularly with the Heimdal
> >> > implementation. I really am not much of a Windows guru and try to
> >> > avoid the OS as much as possible; but I have gathered that from 2000
> >> > onwards it has supported Kerberos V for authentication. Would this
> >> > mean that the winbind backend could be used to talk to the Kerberos
> >> > server?
> >> >
> >> > I really want to avoid having to write any custom scripts or wrappers
> >> > to synchronize passwords between Samba and Kerberos.
> >>
> >> Recommended reading:
> >> http://www.pdc.kth.se/heimdal/heimdal.html#Using-LDAP-to-store-the-database
> >>
> Yes I use it with ~1000 users, and it's working like charm, you just
> have to take care of the ACLs of passwords stored on LDAP as stated on
> Samba and Heimdal documentations, also if you want nonsasl binds you may
> want to set the userPassword attributes to
> {SASL}theusersuid at YOUR.KERBEROS.REALM. I've attached my
> /usr/lib/sasl2/slapd.conf, /etc/default/saslauthd (I use debian), and
> hdb.schema (I've found it googleing).


  I see no way to authenticate Samba againist Kerberos without AD.
As I know samba doesn't use userPassword but it use sambaLMPassword and
sambaNTPassword instead (due to different encryption). So what's the
difference between storing Kerberos data in LDAP and storing it

Am I missing something important?



More information about the samba mailing list